MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 506033f7a6ea5c9e4d89f9edcc998ed1f33fb74e4a2a4f32af8cec2ec009a906. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AntiDot


Vendor detections: 8



SHA256 hash: 506033f7a6ea5c9e4d89f9edcc998ed1f33fb74e4a2a4f32af8cec2ec009a906
SHA3-384 hash: 9dafff10c7f41f263e2ee8efbced53327b08df837a61d46d9f6305808442f242e2ff3e63e9485335ef7a57d9f7dd6ce8
SHA1 hash: c532a2097ac342abdee5aa0927d6359db7f787ac
MD5 hash: 1c97d8953486280cc04570fce5f0f4dc
humanhash: lion-ten-cola-may
File name: IdentitasKependudukanDigital.apk
Signature: AntiDot
File size: 14'293'196 bytes
First seen: 2025-12-30 11:36:09 UTC
Last seen: 2025-12-30 14:36:20 UTC
File type: apk
MIME type: application/zip
ssdeep: 393216:0bFKw960RbQ/jUZRoQkx2+ADZnYv5Fhvt3FhQ:u/QgZR9kPkevdN7Q
TLSH: T1D8E62346F72C582FC8B315B20DAA97721A565D528E83DB437848371C68B7AE80F49FDC
TrID:
  50.0% (.APK) Android Package (27000/1/5)
  23.1% (.VYM) VYM Mind Map (12500/1/3)
  19.4% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
  7.4% (.ZIP) ZIP compressed archive (4000/1)
Magika: apk
Reporter: zhuzhu0009
Tags: Antidot apk

Intelligence


File Origin
# of uploads: 2
# of downloads: 47
Origin country: SG
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm base64 crypto evasive expand fingerprint lolbin persistence signed
Result
Application Permissions
display system-level alerts (SYSTEM_ALERT_WINDOW)
read external storage contents (READ_EXTERNAL_STORAGE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
Allows an application a broad access to external storage in scoped storage (MANAGE_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
directly call phone numbers (CALL_PHONE)
take pictures and videos (CAMERA)
read contact data (READ_CONTACTS)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
read SMS or MMS (READ_SMS)
retrieve running applications (GET_TASKS)
modify global system settings (WRITE_SETTINGS)
full Internet access (INTERNET)
view Wi-Fi status (ACCESS_WIFI_STATE)
control vibrator (VIBRATE)
view network status (ACCESS_NETWORK_STATE)
reorder applications running (REORDER_TASKS)
prevent phone from sleeping (WAKE_LOCK)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
Verdict: Malicious
File Type: apk
First seen: 2025-11-26T02:15:00Z UTC
Last seen: 2025-12-31T03:23:00Z UTC
Hits: ~10
Threat name: Win32.Trojan.Kepavll
Status: Malicious
First seen: 2025-11-28 13:07:24 UTC
File Type: Binary (Archive)
Extracted files: 1654
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Result
Malware family: antidot
Score: 10/10
Tags: family:antidot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
